Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.

Naw, that wouldn't work. I got it figured out. I have another problem though. Is there any way to change/intercept the MIME type of a response with JS or something? The response of my CSRF is in JSON and opens up a file download on some browsers.